Legal claims defining the scope of protection, as filed with the USPTO.
1. A method in a computing system, comprising: receiving in the computing system a distinguished patch package for modifying the behavior of a distinguished program; automatically extracting from the distinguished patch package (1) patch application information, identifying a distinguished portion of the distinguished program against which a patch is to be applied, and (2) patch behavior information, specifying a manner in which to modify the behavior of the identified distinguished portion of the distinguished program, wherein the extracted patch behavior information specifies modifying the behavior of the identified distinguished portion of the distinguished program to perform value validation by invoking a helper function that performs value validation on a data value accessed by the distinguished program; prior to application of the patch against the distinguished program, automatically adding a distinguished entry to a patch table, the distinguished entry containing the extracted patch application information and patch behavior information, wherein the patch table is configured to include a plurality of entries containing information extracted from a plurality of patch packages; and when the identified distinguished portion of the distinguished program is executed, invoking the helper function to perform value validation on the data value accessed by the distinguished program.
2. The method of claim 1, further comprising using the contents of the distinguished entry to modify the behavior of the identified distinguished portion of the distinguished program.
3. The method of claim 2 wherein the contents of the distinguished entry are used to modify the behavior of the identified distinguished portion of the distinguished program at a time when no administrative user is logged in to the computer system.
4. The method of claim 2 wherein the contents of the distinguished entry are used to modify the behavior of the identified distinguished portion of the distinguished program without relying upon any user permissions.
5. The method of claim 2 wherein the contents of the distinguished entry are used to modify the behavior of the identified distinguished portion of the distinguished program without determining the location in which the distinguished program is persistently stored.
6. The method of claim 2 wherein the contents of the distinguished entry are used to modify the behavior of the identified distinguished portion of the distinguished program in response to the loading of the distinguished program.
7. The method of claim 2 wherein the contents of the distinguished entry are used to modify the behavior of the identified distinguished portion of the distinguished program in response to the execution of the identified distinguished portion of the distinguished program.
8. The method of claim 2 wherein two instances of the distinguished program are loaded, and the contents of the distinguished entry are used to modify the behavior of the identified distinguished portion of both instances of the distinguished program.
9. The method of claim 1, further comprising: at the time the patch application information is extracted, determining whether the distinguished program is loaded in the computing system; and if the distinguished program is loaded in the computing system, using the extracted patch application information to modify the behavior of the loaded distinguished program in accordance with the patch behavior information.
10. The method of claim 1 , further comprising deleting the distinguished entry from the patch table to prevent the behavior of the identified distinguished portion of the distinguished program from being modified in accordance with the patch behavior information contained by the distinguished entry.
11. The method of claim 1 wherein the extracted patch behavior information specifies modifying the behavior of the identified distinguished portion of the distinguished program to perform value validation.
12. The method of the claim 1 wherein the extracted patch behavior information specifies modifying the behavior of the identified distinguished portion of the distinguished program to perform parameter validation.
13. The method of claim 1 wherein the extracted patch behavior information specifies modifying the behavior of the identified distinguished portion of the distinguished program to perform validation of a value read from a file.
14. The method of claim 1 wherein the extracted patch behavior information specifies modifying the behavior of the identified distinguished portion of the distinguished program to perform validation of a value inputted by user.
15. The method of claim 1 wherein the extracted patch behavior information specifies modifying the behavior of the identified distinguished portion of the distinguished program to perform validation of a value received in one or more network packets.
16. The method of claim 1 wherein the extracted patch behavior information specifies modifying the behavior of the identified distinguished portion of the distinguished program to perform parameter validation by calling a distinguished validation function.
17. The method of claim 16 wherein an entry in the patch table other than the distinguished entry also contains patch behavior information that specifies modifying the behavior of the identified distinguished portion of the distinguished program to perform parameter validation by calling the distinguished validation function.
18. The method of claim 16, further comprising executing code for the distinguished validation function to modify the behavior of the identified distinguished portion of the distinguished program, the code not being included in the distinguished patch package.
19. A computer storage medium whose contents cause a computing system to perform a method comprising: receiving in the computing system a distinguished patch package for modifying the behavior of a distinguished programmatic entity; automatically extracting from the distinguished patch package (1) patch application information, identifying a distinguished portion of the distinguished programmatic entity against which a patch is to be applied, and (2) patch behavior information, specifying a manner in which to modify the behavior of the distinguished portion of the distinguished programmatic entity, wherein the extracted patch behavior information specifies modifying the behavior of the identified distinguished portion of the distinguished programmatic entity to perform value validation by invoking a helper function that performs value validation on a data value accessed by the distinguished programmatic entity; prior to application of the patch against the distinguished programmatic entity, automatically adding a distinguished entry to a patch table, the distinguished entry containing the extracted patch application information and patch behavior information, wherein the patch table is configured to include a plurality of entries containing information extracted from a plurality of patch packages; and when the identified distinguished portion of the distinguished programmatic entity is executed, invoking the helper function to perform value validation on the data value accessed by the distinguished programmatic entity.
20. The computer storage medium of claim 19 wherein the distinguished programmatic entity has a plurality of behaviors, only a proper subset of which the patch behavior information specifies modifying, and wherein the received distinguished patch package contains no information about behaviors of the distinguished programmatic entity that the patch behavior information does not specify modifying.
21. A computing system that automatically implements received code patches, the system comprising one or more computer storage media collectively encoding: a library of helper functions; and a computer program comprising a patching agent that: receives a package including one or more code patches, each code patch targeting a group of one or more executable modules and; automatically extracts from the package (1) patch application information, identifying an executable module in the group against which a code patch is to be applied, and (2) patch behavior information, identifying a helper function in the library and specifying a manner in which to modifying the behavior of the executable module by invoking the identified helper function to perform value validation on a data value accessed by an executable module in the group; prior to application of the code patch against the executable module, automatically adds an entry to a patch table, the entry containing the extracted patch application information and patch behavior information, wherein the patch table is configured to include a plurality of entries containing information extracted from a plurality of packages; and when the identified executable module in a group targeted by a received code patch is executed, invokes the identified helper function to perform value validation on a data value accessed by an executable module in the group.
22. The computing system of claim 21 wherein the patching agent includes a library maintenance subsystem that receives new parameter validation functions and automatically adds the received new parameter validation functions to the library, so that these new primary validation functions can be invoked in accordance with code patches that identify them.
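The mechanism the claims describe (a patching agent, a patch table filled from patch packages, and a separately shipped library of validation helpers) can be modelled in a few lines. The following is an added illustration, not code from the patent or its assignee; the package layout, the names `PatchAgent`, `hook`, `max_length`, `in_range`, and the `fileserver` target are all assumptions made for the example.

```python
import json

# Library of helper validation functions; names here are hypothetical.
def max_length(value, limit):
    return isinstance(value, (str, bytes)) and len(value) <= limit

def in_range(value, low, high):
    return isinstance(value, int) and low <= value <= high

class PatchAgent:
    def __init__(self, helpers):
        self.helpers = helpers   # helper library, shipped separately from packages
        self.table = []          # patch table: one entry per received package

    def receive(self, package_json):
        """Extract application and behavior information; add a table entry."""
        pkg = json.loads(package_json)
        apply, behavior = pkg["apply"], pkg["behavior"]
        if behavior["helper"] not in self.helpers:
            raise ValueError("unknown helper: " + behavior["helper"])
        self.table.append({"id": pkg["id"],
                           "target": (apply["program"], apply["function"]),
                           "param": apply["param"],
                           "helper": behavior["helper"], "args": behavior["args"]})

    def remove(self, patch_id):
        """Deleting the entry stops the behavior modification."""
        self.table = [e for e in self.table if e["id"] != patch_id]

    def hook(self, program, function):
        """Interception point installed at load time; the table is consulted
        on every call, so entries take effect without editing the program."""
        def wrap(fn):
            def patched(**kwargs):   # keyword-only calls, a simplification
                for e in self.table:
                    if e["target"] == (program, function):
                        ok = self.helpers[e["helper"]](kwargs.get(e["param"]), **e["args"])
                        if not ok:
                            raise ValueError("patch %s rejected %s" % (e["id"], e["param"]))
                return fn(**kwargs)
            return patched
        return wrap

agent = PatchAgent({"max_length": max_length, "in_range": in_range})

@agent.hook("fileserver", "open_share")   # constructed target program
def open_share(name):
    return "opened " + name

# Constructed patch package: carries no code, only a reference to a helper.
PACKAGE = json.dumps({"id": "P1",
    "apply": {"program": "fileserver", "function": "open_share", "param": "name"},
    "behavior": {"helper": "max_length", "args": {"limit": 16}}})
```

Calling `agent.receive(PACKAGE)` makes `open_share` reject names longer than 16 characters, and `agent.remove("P1")` restores the original behavior, mirroring claims 1 and 10.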
July 7, 2009